Read and analysis from the network traffic in flow-level.
Currently only support Linux/Ubuntu.
- Dependencies
sudo apt install build-essential libpcap-dev- Build the executable file
make- First, you can run the executable file with command down below:
./flowimpaler -f <a valid pcap file>- Waiting until flowImpaler finish reading process, it will enter a CLI look like this:
Input pcap filename: ../ncku_csie_imslab_1941058.pcap
No more packet from file.
=====================================================
Unique hosts (IP): 10422
Total amount of packets: 1941058
ARP (%): 1.48821 %
IPv4 (%): 90.15274 %
|- TCP (%): 66.21157 %
|- UDP (%): 22.70545 %
|- ICMP (%): 1.08467 %
IPv6 (%): 2.89512 %
Other (%): 5.46393 %
=====================================================
FlowImpaler@cyu> - And now you can type
helpto see the support by flowImpaler!
FlowImpaler@cyu> help
Welcome to use FlowImpaler!
Support commands:
-----------------------------------------------------------------------------------------
help : print this helping message, to illustrate user how to use our service.
exit : close this CLI elegantly.
-----------------------------------------------------------------------------------------
<src IP> : check all flow stats via specify srcIP.
<src IP> <dst IP>: check the flow stats via specify srcIP and dstIP.
-----------------------------------------------------------------------------------------
If you have counter any problem, feel free to contact me:
Email: [email protected]
Github: github.com/kevinbird61- Run directly (flowImpaler will listen on your default network interface). Without any option, default will be terminated until capture
100packets.
(sudo) ./flowimpaler -d - Run with specified timeout (For example down below, it will listen for
20second)
(sudo) ./flowimpaler -d -t 20- Run with specified packet counts (For example down below, it will terminate until capture
20packets)
(sudo) ./flowimpaler -d -c 20
Notice!
-thas higher priority than-c.
Kevin Cyu, [email protected]